NIEWADA CLINIC IMPLANTOLOGY AND COSMETIC DENTISTRY

NIEWADA CLINIC IMPLANTOLOGY AND ESTHETIC STOMATOLOGY (hereinafter NIEWADA CLINIC) provides you with information regarding the processing and protection of your personal data, thereby fulfilling the obligations arising from applicable data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter RODO). 

1. who collects and processes your personal data i.e. who is the controller of your data?

The Administrator of Your personal data is Paweł Niewada running the business activity NIEWADA CLINIC IMPLANTOLOGIA I STOMATOLOGIA ESTETYCZNA with the registered office in Warsaw 02-765, al. Wilanowska 5 lok. uż. 

How can you contact NIEWADA CLINIC?

If you have any questions regarding this Policy or if the principles of collecting, sharing or using your personal data do not meet your expectations, you can contact our Data Protection Officer
– at 605 66 77 50 (Mon. – Fri. 10.00 – 16.00),
– at the e-mail address: iod@niewadaclinic.pl
– at the address: NIEWADA CLINIC IMPLANTOLOGIA I STOMATOLOGIA ESTETYCZNA 02-765 Warsaw, al. Wilanowska 5 lok. uż. 2, with a note: IOD
The function of Data Protection Officer at NIEWADA CLINIC is performed by Marzena Secomska.
If our response is not satisfactory, you may file a complaint with the supervisory authority. 

What personal data NIEWADA CLINIC collects and processes 

a/ collects and processes data in connection with:
– providing dental services;
– marketing activities;
– Contacting through the forms available on the website;
– Established business relationships.

b/ depending on the purpose and legal basis of collecting and processing personal data, NIEWADA CLINIC may collect and process, among others, the following personal data:
– identification data, among others: name and surname, date of birth, PESEL or, in the absence thereof, series and number of identity card or passport,
– contact details, inter alia: address of residence, correspondence address, if different from the address of residence, e-mail address,
telephone numbers,
– data collected and processed to make the diagnosis, to carry out properly the process of your treatment, including in particular data concerning your health, with the proviso that this applies only to persons using dental services provided by NIEWADA CLINIC,
– image, in connection with the conducted monitoring.

4 How do we obtain your data?

a/ patients – data is collected directly from the data subject or an authorised person when booking an appointment and performing a dental service for you

b/ contractors – data is collected directly from you before concluding a contract or during its performance;

c/ representatives of the contractor – if your personal data have not been provided directly to the Administrator, it has been obtained from the contractor on whose behalf you are acting to the extent necessary to perform the contractual provisions/order (contact details);

d/ potential contractors – data are collected directly from you or from publicly available sources; where data are collected from publicly available sources, ADO collects your personal data: name, surname, company name, telephone number, e-mail address, professional position;

e/ users of contact forms – data is collected directly from you via the contact form or during the contact carried out in order to respond to the request made via the contact form;

f/ recipients of marketing activities – data may be collected directly from you or from the entity on whose behalf you are acting (name, surname, telephone number, email address, official position) or from publicly available sources (name, surname, company name, telephone number, email address, official position).

For what purpose do we process your personal data?

a/ patients – if you use dental services provided by NIEWADA CLINIC, we process your personal data in order to:
➢ establish your identity prior to the provision of services by verifying your details when you make a remote appointment and at the point of provision of services by NIEWADA CLINIC;
➢ provide health care services, including maintaining medical records, which we are obliged to do as a healthcare provider;
➢ provide health care;
➢ providing social security and managing social security systems and services, e.g.: issuing certificates and sick leave;
➢ Making medical diagnoses;
➢ exercising your rights as our patient – we collect and archive your statements authorising others to access your medical records and provide them with information about your health;
Contact you at the telephone number or e-mail address provided by you, e.g. to confirm a booking or to cancel an appointment for a medical or dental consultation or to remind you about the consultation.

We also process personal data for the legally justified purpose of the data controller:
➢ processing of complaints and requests;
➢ sending correspondence;
➢ Establishing and pursuing claims and defending against claims arising from our business activities, which constitutes the legitimate interest of the ADO in processing your personal data;
➢ We also keep accounting books and are subject to tax obligations – e.g. we issue bills for services rendered by us, which involves the necessity to process your personal data;
➢ ensuring security of persons and property by means of video monitoring, recording the image in the place of providing services by NIEWADA CLINIC , which constitutes the legitimate interest of data processing by ADO.

b/ If you are a contractor of NIEWADA CLINIC or if you act as a representative of a contractor, we process your personal data in order to:
➢ analysing offers, concluding and executing contracts and orders, in particular in connection with business correspondence (Article 6(1)(b) of the RODO);
➢ asserting and defending against claims arising from business activities, as part of the legitimate interest of the controller (Article 6(1)(f) of the RODO);
➢ for the purpose of issuing and transmitting invoices, maintaining accounting books and tax records, in fulfilment of the Administrator’s legal obligations (Article 6(1)(c) of the RODO);
➢ to ensure the security of persons and property using video surveillance, recording the image in the place where services are provided by NIEWADA CLINIC, which constitutes a legitimate interest of data processing by the ADO.

c/ If you are a potential contractor of NIEWADA CLINIC, we process your personal data in order to:
➢ take action prior to entering into a contract your request;
➢ Ensure the security of persons and property using video surveillance, recording the image at the place of providing services by NIEWADA CLINIC , which is the legitimate interest of data processing by ADO.

d/ If you use the contact forms available on the NIEWADA CLINIC website, your data is processed for:
➢ contacting you in relation to a question submitted via the contact form, based on your consent to data processing;
➢ asserting and defending against claims on account of the conducted activity, which constitutes the legitimate interest of data processing by ADO, when your request may justify data processing (e.g. when the request concerns a complaint).

e/ If marketing activities are undertaken with regard to you, your personal data are processed in order to send you messages about NIEWADA CLINIC services, promotions – within the framework of the ADO’s legitimate interest or your consent. 

6 What are the legal bases for our processing of your personal data?

Our activities are governed by specific legal provisions, mainly:
➢ Act of 6 November 2008 on Patient Rights and Patient Ombudsman;
➢ Act of 15 April 2011 on therapeutic activity;
➢ Act of 5 December 1996 on Medical and Dental Professions;
➢ Regulation of the Minister of Health of 9 November 2015 on the types, scope and models of medical records and the manner of their processing;
➢ RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC;
➢ Act of 29 September 1994 on accounting. 

7 How long do we keep your data?
We must store your data in accordance with the legislation that applies to us:
➢ personal data in medical records will be processed in accordance with the requirements of Article 29(1) of the Act of 6 November 2008 on Patients’ Rights and Patients’ Ombudsman (Journal of Laws 2019.1127);
➢ the retention period for accounting and tax records as required by law;
➢ the period of limitation of claims resulting from the law;
➢ the duration of the contract – in the case of contracts;
➢ Monitoring data:

a. monitoring records shall be stored for a period not exceeding 40 days from the date of recording;

b. in the event that the image recordings constitute evidence in a proceeding conducted on the basis of the law, or the ADO becomes aware that the image recordings may constitute evidence in the proceeding, the period specified in point a (above) shall be extended until the proceeding is legally concluded;

c. after the expiry of the periods referred to in point a. or b., the image recordings containing personal data obtained as a result of the monitoring, shall be destroyed, unless the separate provisions provide otherwise. 

8. is it your duty to provide data?

a/ Patients – use of our services is fully voluntary but we would like to inform you that:
➢ as a medical entity we are obliged to keep medical records in the manner prescribed by law, including marking the identity of the patient using his/her personal data, in which case failure to provide the data may result in refusal to book an appointment or provide health services;
➢ as a business entity we are legally obliged to process your data for accounting or tax purposes; failure to provide such data may result, for example, in our inability to issue an invoice or personalised bill in your favour;
➢ If you provide us with your telephone number or e-mail address on a voluntary basis – failure to do so shall not result in refusal of medical services, but you will not receive from us confirmation of your visit or message on cancellation of your visit;
➢ Your marketing consent is also on a voluntary basis – this means that refusing to provide it will not prevent you from using the services and you also have the right to withdraw your consent given to us at any time

b/ Contractors, contractor’s representatives – providing your personal data is voluntary but necessary to make an offer and subsequently to sign and perform a contract.

c/ Potential contractors – if you provide data directly to ADO, their provision is voluntary, but necessary to establish business relations, including the submission of an offer and conclusion of a contract.

d/ Users of contact forms – if you provide data necessary to respond to the request/question, it shall be a condition for obtaining a response. Failure to provide the data will result in the inability to respond to the application/question.

e/ Addressees of marketing activities – providing your data is voluntary. 

9. with whom do we share your personal data?
➢ Employees and associates of ADO authorized to process your personal data by order of ADO;
➢ persons authorised by you in the exercise of your patient rights;
➢ to entities entitled to receive such data – the data shall be transferred pursuant to the obligation arising from the provisions of law or upon a justified request of an authorized body, for example ZUS or to a court if as a result of proceedings the court makes such a request to us;
➢ to other medical entities cooperating with NIEWADA CLINIC in order to ensure continuity of treatment;
➢ entities entrusted by the ADO with the processing of personal data, including:
– service providers supplying NIEWADA CLINIC with technical and organizational solutions enabling provision of health services and management of the Clinic (in particular, ICT service providers, suppliers of diagnostic equipment, courier and postal companies);
– providers of legal and advisory services, in case of asserting and defending claims related to the activities carried out by NIEWADA CLINIC.

10 How do we protect your data?
Protecting and ensuring the confidentiality of your personal data is very important to us. We have implemented technical, organisational and physical security measures in order to:
➢ protect your data from loss, unauthorised access or destruction,
➢ Secure your information systems and protect your information,
➢ Recover your data in case of loss of data integrity or loss due to an emergency situation.

Where necessary, we use adequate encryption mechanisms or other means to protect your data. We periodically review our security procedures to analyse the arrangements in place and assess the need for any modifications. 

11. do we intend to transfer your personal data to countries outside the EEA*?
We do not intend to transfer your personal data to countries outside the European Economic Area. 

12. information about automated decision-making, including profiling
We will not make automated decisions about you, i.e. without human influence, including decisions as a result of profiling. 

13. information about updates to the privacy policy
This policy may be updated at any time. If changes are made, information about this will be posted on www.niewadaclinic.pl. 

14 Applicable law
The principles set out in this policy shall be governed by Polish law. 

15. what rights do you have in relation to the processing of your data by NIEWADA CLINIC ?
The rights presented below are related to privacy and concern the processing of your personal data, they are not absolute rights and they apply to specific situations and grounds for data processing.

1. the right of access to your personal data, including the right to receive information about your personal data (Article 15 RODO)

2. the right to rectification of data concerning you (art.16 RODO)

3. the right to demand erasure of your data – in cases specified in Article 17.1, taking into account the exceptions specified in the provision of Article 17.3 RODO;

4. the right to request the restriction of data processing – in cases referred to in Article 18 RODO

5. the right to data portability – in the cases referred to in the provisions of Article 20 RODO;

6. right to withdraw consent – if the ADO processes your data on the basis of consent, you have the right to withdraw consent at any time, without affecting the validity of the processing that was carried out on the basis of consent before its withdrawal.

7. the right to object to the processing of your data where the basis for the processing by the ADO was:
– the legitimate legal interest of the ADO (Article 6(1)(f) of the RODO);
– the necessity of the processing for the performance of a task carried out in the public interest or in the exercise of official authority
public authority entrusted to the controller (Article 6(1)(e) RODO).

8. the right to lodge a complaint to the authority supervising the observance of data protection provisions
i.e. to the President of the Office for Personal Data Protection:
– at telephone number 22 531 03 00,
– electronically to the e-mail address: kancelaria@uodo.gov.pl or through the Electronic Submission Box (only for those who possess a secure electronic signature),
– in writing to the address: President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw.

Issue 2
Warsaw, 25 September 2020

Paweł Niewada
Head of NIEWADA CLINIC IMPLANTOLOGY AND AESTHETIC STOMATOLOGY